Essential Functions
* Take a lead role in the delivery of BAU Identity and Access management operations.
* Participate in the design, installation, maintenance, upgrades, and troubleshooting of applications and tools directly impacting the InfoSec Identity service deliverables.
* Active Directory (AD), Azure Active Directory/Entra ID:
* Analyze, design, implement, and support the hybrid on-premises and cloud Active Directory environment.
* Collaborate with business and technical partners to integrate systems and applications with centralized authentication using AD.
* Implement security baselines and recommended best practices for AD.
* Provide subject matter expertise on Azure AD and Entra ID.
* Support and maintain Entra ID Enterprise Applications and other integrated solutions.
* Collaborate closely with global cross-functional teams to ensure stability and security.
* Support synchronization and federation between on-premises AD, Azure AD, and Entra ID.
* Troubleshoot and optimize synchronization processes to maintain consistency across environments.
* Privileged Management (PIM, PAM, and Endpoint Privilege Management):
* Implement time-based and approval-based role activation to mitigate risks associated with privileged accounts.
* Administer PAM platforms, including Centrify, CyberArk, and Quest Active Roles Server.
* Design and implement controls for managing privileged access on endpoints (Windows, macOS, Linux).
* Collaborate with system administrators and security teams to enforce least privilege principles.
* Implement and manage role-based access control (RBAC) for various systems and applications.
* Define and enforce group-based access policies to elevate privileges when necessary.
* Identity Governance and Administration (IGA):
* Contribute during phases of design, configuration, deployments, and operations in the area of IAM.
* Work on access management, identity governance, and identity management solutions.
* AWS Identity and Azure Identity:
* Leverage AWS Identity and Access Management (IAM) and Azure Active Directory for secure cloud identity management.
* Integrate IAM policies and roles with AWS services and Azure resources.
* Develop and maintain integrations between Entra ID and Linux-based systems.
* Ensure seamless authentication and authorization for Linux users.
* Automation of User and Device Onboarding/Offboarding:
* Develop and maintain scripts or workflows to automate user and device provisioning and deprovisioning.
* Streamline the onboarding and offboarding processes to enhance efficiency and security.
* Application Certification and Secret Lifecycle Management:
* Collaborate with application owners to certify and manage access to critical applications.
* Ensure secure handling of application secrets (API keys, passwords, etc.) throughout their lifecycle.
* Participate in on-call rotation, providing 24x7 escalation capabilities.
* Participate in incident response efforts as Incident Commander.
* Other duties as assigned or directed.
Education, Experience, and Skills required
* Proven experience as a Senior Active Directory/Entra ID Engineer or similar role, with 5 to 8 years of experience.
* Advanced knowledge of Active Directory, Azure Active Directory/Entra ID, Lightweight Directory Access Protocol (LDAP).
* Familiarity with PIM, PAM, and IGA concepts.
* Experience with endpoint privilege management, AWS IAM, Azure AD, and Linux integration.
* 1+ years of experience with cloud infrastructure, networking and security, preferably with AWS and Azure. Platform certifications are a plus.
* Experience with orchestration and automation solutions utilizing a variety of APIs, scripting languages or commercial orchestration tools.
* Experience with creating and reviewing workflow processes and technical documentation.
* Comfortable with mentoring other team members, providing guidance and direction during incident response and engineering efforts.
* Familiarity with regulations and frameworks such as NIST, PCI, SOC, HIPAA, SSAE 16/SOC 1, SOC 2, ISO 17799/27002.
* Preferred but not required:
* Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or related field, or equivalent work experience.
* Relevant Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified: Azure Security Engineer Associate, or other industry certifications (e.g., CISSP, CISM, CompTIA Security+).
* Certifications including but not limited to: CISSP – Certified Information Systems Security Professional, CISM – Certified Information Security Manager, ISSAP – Information Systems Security Architecture Professional, CEH – Certified Ethical Hacker, AWS Certified Solution Architect.